2 Feb 2004, 2:48 a.m.
Russell Fulton
I believe that network administrators (both corporate and ISP) need to be proactive in looking for trouble and to have effective means of dealing with machines that are causing it.
At this site, snort/ACID is proving amazingly handy, especially when portscan.log is monitored as well, and for example we look at boxes which are racking up a lot of outbound firewall denies on 25/tcp and ports 135-139 etc. But then our network model is particularly snort-friendly.

cheers,
Jamie
--
James Riden / j.riden(a)massey.ac.nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/
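The check described in the message above, counting outbound firewall denies per internal host on 25/tcp and ports 135-139, as an added example that is not part of the original post or the site's own tooling. It assumes iptables-style LOG lines with a hypothetical `FW-DENY-OUT` prefix and a `10.` internal address range; the sample log lines are constructed.

```python
import re
from collections import defaultdict

# Ports named in the post: 25/tcp, and 135-139 (protocol not stated, so both).
WATCHED = {("TCP", 25)} | {(p, n) for p in ("TCP", "UDP") for n in range(135, 140)}
DENY_TAG = "FW-DENY-OUT"   # assumption: hypothetical prefix on outbound denies
INTERNAL = "10."           # assumption: internal address space
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Constructed sample log lines, not taken from the original post.
SAMPLE_LOG = """\
Feb  2 02:40:01 gw kernel: FW-DENY-OUT IN=eth1 OUT=eth0 SRC=10.1.4.23 DST=198.51.100.7 PROTO=TCP SPT=1201 DPT=25
Feb  2 02:40:01 gw kernel: FW-DENY-OUT IN=eth1 OUT=eth0 SRC=10.1.4.23 DST=198.51.100.9 PROTO=TCP SPT=1202 DPT=25
Feb  2 02:40:02 gw kernel: FW-DENY-OUT IN=eth1 OUT=eth0 SRC=10.1.4.23 DST=203.0.113.40 PROTO=TCP SPT=1203 DPT=25
Feb  2 02:40:02 gw kernel: FW-DENY-OUT IN=eth1 OUT=eth0 SRC=10.1.7.9 DST=192.0.2.11 PROTO=TCP SPT=3310 DPT=135
Feb  2 02:40:03 gw kernel: FW-DENY-OUT IN=eth1 OUT=eth0 SRC=10.1.7.9 DST=192.0.2.12 PROTO=TCP SPT=3311 DPT=135
Feb  2 02:40:03 gw kernel: FW-DENY-OUT IN=eth1 OUT=eth0 SRC=10.1.7.9 DST=192.0.2.13 PROTO=UDP SPT=137 DPT=137
Feb  2 02:40:04 gw kernel: FW-DENY-OUT IN=eth1 OUT=eth0 SRC=10.1.2.5 DST=198.51.100.7 PROTO=TCP SPT=4000 DPT=25
Feb  2 02:40:04 gw kernel: FW-DENY-OUT IN=eth1 OUT=eth0 SRC=10.1.4.23 DST=203.0.113.80 PROTO=TCP SPT=1204 DPT=80
Feb  2 02:40:05 gw kernel: FW-DENY-OUT IN=eth1 OUT=eth0 SRC=10.1.2.5 DST=203.0.113.1 PROTO=ICMP TYPE=8 CODE=0
Feb  2 02:40:05 gw kernel: FW-DENY-IN IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=10.1.2.5 PROTO=TCP SPT=2222 DPT=135
"""

def noisy_hosts(lines, min_denies=3):
    """Rank internal hosts by outbound denies on the watched ports."""
    stats = defaultdict(lambda: {"denies": 0, "dsts": set(), "ports": set()})
    for line in lines:
        if DENY_TAG not in line:
            continue
        f = dict(FIELD.findall(line))
        if not f.get("DPT", "").isdigit():      # ICMP and malformed lines have no port
            continue
        key = (f.get("PROTO"), int(f["DPT"]))
        src = f.get("SRC", "")
        if key not in WATCHED or not src.startswith(INTERNAL):
            continue
        s = stats[src]
        s["denies"] += 1
        s["dsts"].add(f.get("DST"))
        s["ports"].add(key[1])
    report = [(src, s["denies"], len(s["dsts"]), sorted(s["ports"]))
              for src, s in stats.items() if s["denies"] >= min_denies]
    return sorted(report, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for src, denies, dsts, ports in noisy_hosts(SAMPLE_LOG.splitlines()):
        print(f"{src}: {denies} denies to {dsts} destinations on ports {ports}")
```

The distinct-destination count is reported alongside the deny count because a host denied repeatedly to one address usually points at a misconfigured client, while denies spread over many addresses are the pattern worth a closer look.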